My Oracle Support Banner

Self XSS Vulnerability Combined With CSRF Leads To Reflected XSS (Doc ID 2830685.1)

Last updated on DECEMBER 30, 2021

Applies to:

Oracle Financial Services Transaction Filtering - Version and later
Information in this document applies to any platform.


 Applications did not check and validate the value of the parameter “infodom” submitted by the user before inputting the response data back to the user in the [OFSAA URL]/XML_XSD_CONF_UI/index_sepa_admin.jsp


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.